Before you use SSL, you should understand the trust model of certificate authorities (CA). Currently, Mew supports "stunnel" version 3 and version 4 for SSL.
Before you use Mew with SSL, you must be sure that an SSL connection can be established to your SSL server. Since "stunnel" is linked to the "openssl" library, you should understand "openssl".
Suppose we use "~/.certs" as the directory that contains the certificates of trusted CAs. You need to copy the PEM-format certificates embedded in the source of "openssl" to this directory. Each file name should be "<hash>.0".
Here we call a sample CA certificate "ca.pem". You can calculate <hash> as follows:
% openssl x509 -hash -noout -in ca.pem
To copy the certificate, do as follows:
% cp ca.pem ~/.certs/`openssl x509 -hash -noout -in ca.pem`.0
The certificates in the source of "openssl" do not cover all CAs. If the certificate of your SSL server is signed by another CA, you must copy the certificate of that CA to the directory. You may be able to find an appropriate certificate from the following page:
http://www.columbia.edu/~ariel/good-certs/ns45/
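An added example (not part of the Mew manual): a shell helper that performs the copy step above for any PEM CA certificate and takes the next free suffix when a different CA with the same subject hash is already installed, plus a check that a certificate verifies against the directory. The function names "install_ca" and "check_ca" are hypothetical; the directory defaults to "~/.certs" as above.

```shell
#!/bin/sh
# Added example; install_ca and check_ca are hypothetical helper names.

# install_ca CERT [DIR]: copy a PEM CA certificate into DIR under the
# "<hash>.N" name that OpenSSL's directory lookup expects, and print
# the resulting path.
install_ca() {
    cert=$1
    dir=${2:-"$HOME/.certs"}
    # Refuse anything that does not parse as an X.509 certificate.
    hash=$(openssl x509 -hash -noout -in "$cert") || return 1
    fp=$(openssl x509 -fingerprint -sha256 -noout -in "$cert") || return 1
    mkdir -p "$dir" || return 1
    n=0
    # Different CAs can share a subject hash. OpenSSL then looks at
    # <hash>.0, <hash>.1, ... in order, so take the first free suffix
    # instead of overwriting <hash>.0.
    while [ -e "$dir/$hash.$n" ]; do
        existing=$(openssl x509 -fingerprint -sha256 -noout -in "$dir/$hash.$n")
        if [ "$existing" = "$fp" ]; then
            echo "$dir/$hash.$n"    # this exact certificate is already installed
            return 0
        fi
        n=$((n + 1))
    done
    cp "$cert" "$dir/$hash.$n" || return 1
    echo "$dir/$hash.$n"
}

# check_ca CERT [DIR]: succeed only if CERT verifies against the CAs in DIR.
# The output is matched rather than the exit status, because old
# "openssl verify" versions exit 0 even when verification fails.
check_ca() {
    openssl verify -CApath "${2:-$HOME/.certs}" "$1" 2>/dev/null | grep -q ': OK$'
}
```

Run "check_ca" on the CA certificate you just installed to confirm that the file name is correct before pointing Mew at the directory.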
There are two important Mew variables to control "stunnel". ‘mew-ssl-cert-directory’ is the directory where you install certificates of trusted CAs. Its default value is "~/.certs". Also, you can set the verification level with ‘mew-ssl-verify-level’. It defaults to 1. The meanings of the values are as follows:
0: No verification.
1: Verify the server's certificate if present. If verification fails, an SSL/TLS connection is not created. If the certificate is not present, an SSL/TLS connection is created.
2: Verify the server's certificate. If verification fails, an SSL/TLS connection is not created. If the certificate is not present, an SSL/TLS connection is not created.
3: Verify the server's certificate against the one which is locally installed (not one from the server).
Then configure SSL-related variables of each protocol. For example, if you want to use POP over SSL, set ‘mew-pop-ssl’ to ‘t’. Also, if its port is not a standard one, configure ‘mew-pop-ssl-port’.
(setq mew-pop-ssl t)
To use SSL for SMTP, configure as follows:
(setq mew-smtp-ssl t)
While a connection is protected by SSL, a picture of a lock is shown in the mode line.
This document was generated by U-X61T\saito on June, 6 2008 using texi2html 1.78.